nnewkin/notes

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-17676 ↗	Oct 17, 2019Thursday, 17 October 2019, 13:15	8.8 HIGH	6.8 MEDIUM
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI.